General
Target: a948fbdcad698753bf25834eb0f91243_JaffaCakes118
Size: 256KB
Sample: 240819-dbp9nsterl
MD5: a948fbdcad698753bf25834eb0f91243
SHA1: e560fb188ca68910f1a21e973f71d32f049f89e7
SHA256: 528e115c8d8adefc51be4492301110652231dbb6db2add636f7bf6b4a9f1e142
SHA512: 261ece67b1849747df33c967bfd454c4781d9e166eba0961c35fb3122f81414eb4755889e2fce82ebb672e942ed9de953bea6c0b0936a55b0a6e4327081925fd
SSDEEP: 6144:1rbzQpsXzM0cbTz7HlOeciyu+r4WLh07X0YjB6:1Upzz7Zct9r4yi3jA
Static task: static1
Behavioral task: behavioral1
Sample: a948fbdcad698753bf25834eb0f91243_JaffaCakes118.exe
Resource: win7-20240729-en
Behavioral task: behavioral2
Sample: a948fbdcad698753bf25834eb0f91243_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
Target: a948fbdcad698753bf25834eb0f91243_JaffaCakes118
Score: 10/10
Modifies WinLogon for persistence
Adds Run key to start application
Creates a large amount of network flows: This may indicate a network scan to discover remotely running services.
Modifies WinLogon
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (3)
Registry Run Keys / Startup Folder (1)
Winlogon Helper DLL (2)
Privilege Escalation
Boot or Logon Autostart Execution (3)
Registry Run Keys / Startup Folder (1)
Winlogon Helper DLL (2)